package com.hh.config;

import cn.hutool.core.io.FileUtil;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.io.ClassPathResource;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;
import org.springframework.security.oauth2.provider.token.store.KeyStoreKeyFactory;

import java.io.IOException;
import java.nio.charset.Charset;
import java.security.KeyPair;

/**
 * @author 辉辉 2022/8/14 16:55
 * 开启资源服务器
 * 统一做jwt的报错
 */
@Configuration
@EnableResourceServer
@EnableGlobalMethodSecurity(prePostEnabled = true) // 开启方法级别的验证
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {

    /**
     * 因为common有这个对象了 我就不需要他了
     * @return
     */
    @Bean
    public TokenStore tokenStore() {
        return new JwtTokenStore(jwtAccessTokenConverter());
    }

    /**
     * 做公钥的解析
     *
     * @return
     */
    @Bean
    public JwtAccessTokenConverter jwtAccessTokenConverter() {
        JwtAccessTokenConverter jwtAccessTokenConverter = new JwtAccessTokenConverter();
        // 设置公钥
        ClassPathResource resource = new ClassPathResource("publicKey.txt");
        String publicKey = null;
        try {
            publicKey = FileUtil.readString(resource.getFile(), Charset.defaultCharset());
        } catch (IOException e) {
            e.printStackTrace();
        }
        // 设置公钥
        jwtAccessTokenConverter.setVerifierKey(publicKey);
        return jwtAccessTokenConverter;
    }

    /**
     * 设置资源
     * 暴露服务
     *
     * @param resources
     * @throws Exception
     */
    @Override
    public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
        resources.tokenStore(tokenStore());
    }

    /**
     * 配置放行路径 所有的微服务都依赖common
     * swagger
     * http的设置
     *
     * @param http
     * @throws Exception
     */
    @Override
    public void configure(HttpSecurity http) throws Exception {
        // 因为使用jwt的方式就不需要session
        http.sessionManagement().disable();
        // 放行的路径
        http.authorizeRequests()
                .antMatchers("/v2/api-docs",
                        "/v3/api-docs",
                        "/swagger-resources/configuration/ui", //用来获取支持的动作
                        "/swagger-resources", //用来获取 api-docs 的 URI
                        "/swagger-resources/configuration/security",//安全选项
                        "/webjars/**",
                        "/swagger-ui/**",
                        "/manager-service/file/**",
                        "/druid/**",
                        "/actuator/**")
                .permitAll()
                // 所有的路径
                .antMatchers("/**")
                .authenticated()
                .and()
                .headers()
                // 控制请求头的缓存
                .cacheControl();
    }
}
